GSM Researcher stopped at Heathrow Airport by UK government officials

[InfoSec News <alerts () infosecnews org>]

http://blog.thc.org/index.php?/archives/1-GSM-Researcher-stopped-at-Heathrow-Airport-by-UK-government-officials.html

By John Doe  
April 16. 2008

I was leaving today from the United Kingdom/Heathrow airport. I am about 
to speak at the HITB IT security conference about GSM security and the 
USRP (gnu-radio project).

I was searched by the UK government while waiting at the Gate and 
reading a newspaper. A UK Government employee flipped his badge and said 
"Let's talk. Come over here".

They detained my USRP (Software Defined Radio), my mobile phone and my 
personal SIM card.

They did their homework. They knew who I am, where i live, which day I 
speak at the conference and who I work for.

I'm involved in the GSM software project where we also developed a new 
attack against the GSM encryption A51. We published our research in 
February at the Blackhat security conference in Washington DC.

I understand that the government wanted to make sure that I'm not 
exporting any cryptanalytic device.

I did not. I will not. The USRP is a radio. My mobile phone is a normal 
nokia 3310 phone and my SIM card is a sim card.

They said they do not know what the USRP is and that I can not take it 
until they have checked it in the lab. This can take 14 days (1/2 
month).

So be it. They have it for 14 days. Guys, enjoy the device! It's fun 
playing around with it!

I'm uneasy that they took my mobile phone and my sim card. Having a 
pregnant wife at home and not being reachable complicates my situation.

Is this common practice? Are they allowed to do this?
Any tips how I can get my mobile phone and my sim card back quicker?

Our project: http://wiki.thc.org/gsm
The USRP is available from http://www.ettus.com
The GNU RADIO project: http://www.gnu.org/software/gnuradio


stunning,

THC
---
Appendix: Surprisingly they did not detain my laptop or my paperwork 
which would be the most likely place to store any information related to 
cracking A51. They were also not interested in my 160GB harddrive which 
would have been the obvious place for storing the rainbow tables. 
Neither were they interested in the high performance FPGA chip.

Instead they took all equipment that could have been used for 
demonstrating that GSM signals can be received with publicly available 
hardware for 700 USD.

It does not appear that they were after cryptanalytic information.

I received a yellow paper about my detained goods. They left the field 
blank that reads "The goods specified below are detained for the 
following reason:". What reason?

They also crossed out the field "Agent" of the officer who was in charge 
of the operation.


-==-
Let identityLoveSock take your personal information into 
their wanting hands. http://www.identity-love-sock.com/ 
Because victims have money too.